Security monitoring systems (SMSs) are systems associated with a set of analytics patterns concerned with information technology (IT) related security risks. SMSs are often installed for a company's IT infrastructure and critical IT systems in the company's landscape in order to detect security incidents and safeguard the company's information. An SMS may be configured to monitor specific areas, such as network traffic, or to monitor the exchange or modification of internal and confidential information. Different monitoring technologies may be utilized. An SMS can cover a large variety of monitoring areas with different scope (e.g., database (DB), operating system (OS), and/or network and network traffic) or be focused on specific layers or technologies (e.g., business process monitoring).
Such SMSs may be trained to perform analysis over stored content related to the monitored system. Some monitoring technologies may use a generic anomaly-based approach to detect suspicious activities, while other monitoring technologies may use a pattern-based scanning approach. A combination of both approaches may be used. Alerts raised by the detection of suspicious activities may require manual evaluation. Such alerts may be processed in a formal manner depending on specific legal obligations and negotiated terms. Effective security monitoring involves spending a large amount of resources, including effort for setting up the SMSs and for continuous improvement of the detection mechanism utilized.